From eea3ee5e7a163921a57ffad75a6e30062f6f4f1f Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Tue, 19 Mar 2024 11:46:37 +0000 Subject: [PATCH 1/7] Add initial SonarCloud scan workflow --- .../continuous-integration-dotnet.yml | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 .github/workflows/continuous-integration-dotnet.yml diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml new file mode 100644 index 0000000..301470b --- /dev/null +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -0,0 +1,76 @@ +name: .NET Build and Test + +on: + push: + branches: + - main + pull_request: + branches: [ main ] + types: [ opened, synchronize, reopened ] + +env: + DOTNET_VERSION: '6.0.403' + JAVA_VERSION: '17' + +jobs: + build-and-test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + fetch-depth: 0 # Shallow clones disabled for a better relevancy of SC analysis + + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNET_VERSION }} + + - name: Setup JDK + uses: actions/setup-java@v4 + with: + distribution: 'microsoft' + java-version: ${{ env.JAVA_VERSION }} + + - name: Cache SonarCloud packages + uses: actions/cache@v4 + with: + path: ~\sonar\cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache SonarCloud scanner + id: cache-sonar-scanner + uses: actions/cache@v3 + with: + path: .\.sonar\scanner + key: ${{ runner.os }}-sonar-scanner + restore-keys: ${{ runner.os }}-sonar-scanner + + - name: Install SonarCloud scanner + if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' + run: dotnet tool install --global dotnet-sonarscanner + + - name: Install dotnet reportgenerator + run: dotnet tool install --global dotnet-reportgenerator-globaltool + + - name: Add nuget package source + run: dotnet nuget add source --username USERNAME --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/DFE-Digital/index.json" + + - name: Restore tools for tests + run: dotnet tool restore + + # - name: Restore dependencies + # run: dotnet restore TramsDataApi.sln + + - name: Build, Test and Analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + ConnectionStrings__DefaultConnection: ${{ env.CONNECTION_STRING }} + run: | + dotnet-sonarscanner begin /k:"DFE-Digital_identifiers-api" /o:"dfe-digital" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.coverageReportPaths=CoverageReport/SonarQube.xml + dotnet build --no-restore + dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" + reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube + dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" From bfcbca7d110a8c75f459c60726b7030ac6344527 Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Tue, 26 Mar 2024 09:16:02 +0000 Subject: [PATCH 2/7] Update sonarcloud workflow with project solution --- .github/workflows/continuous-integration-dotnet.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index 301470b..e21390c 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -41,7 +41,7 @@ jobs: - name: Cache SonarCloud scanner id: cache-sonar-scanner - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: .\.sonar\scanner key: ${{ runner.os }}-sonar-scanner @@ -60,8 +60,8 @@ jobs: - name: Restore tools for tests run: dotnet tool restore - # - name: Restore dependencies - # run: dotnet restore TramsDataApi.sln + - name: Restore dependencies + run: dotnet restore Dfe.Identifiers.sln - name: Build, Test and Analyze env: From 0fba67a932a54b0c59443d800ea54f30c6fc08b3 Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Tue, 19 Mar 2024 11:46:37 +0000 Subject: [PATCH 3/7] Add initial SonarCloud scan workflow --- .../continuous-integration-dotnet.yml | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 .github/workflows/continuous-integration-dotnet.yml diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml new file mode 100644 index 0000000..301470b --- /dev/null +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -0,0 +1,76 @@ +name: .NET Build and Test + +on: + push: + branches: + - main + pull_request: + branches: [ main ] + types: [ opened, synchronize, reopened ] + +env: + DOTNET_VERSION: '6.0.403' + JAVA_VERSION: '17' + +jobs: + build-and-test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + fetch-depth: 0 # Shallow clones disabled for a better relevancy of SC analysis + + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: ${{ env.DOTNET_VERSION }} + + - name: Setup JDK + uses: actions/setup-java@v4 + with: + distribution: 'microsoft' + java-version: ${{ env.JAVA_VERSION }} + + - name: Cache SonarCloud packages + uses: actions/cache@v4 + with: + path: ~\sonar\cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache SonarCloud scanner + id: cache-sonar-scanner + uses: actions/cache@v3 + with: + path: .\.sonar\scanner + key: ${{ runner.os }}-sonar-scanner + restore-keys: ${{ runner.os }}-sonar-scanner + + - name: Install SonarCloud scanner + if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' + run: dotnet tool install --global dotnet-sonarscanner + + - name: Install dotnet reportgenerator + run: dotnet tool install --global dotnet-reportgenerator-globaltool + + - name: Add nuget package source + run: dotnet nuget add source --username USERNAME --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/DFE-Digital/index.json" + + - name: Restore tools for tests + run: dotnet tool restore + + # - name: Restore dependencies + # run: dotnet restore TramsDataApi.sln + + - name: Build, Test and Analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + ConnectionStrings__DefaultConnection: ${{ env.CONNECTION_STRING }} + run: | + dotnet-sonarscanner begin /k:"DFE-Digital_identifiers-api" /o:"dfe-digital" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.coverageReportPaths=CoverageReport/SonarQube.xml + dotnet build --no-restore + dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" + reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube + dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" From 322be4b39eb8a99247ce69050f07091f2867ef62 Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Tue, 26 Mar 2024 09:16:02 +0000 Subject: [PATCH 4/7] Update sonarcloud workflow with project solution --- .github/workflows/continuous-integration-dotnet.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index 301470b..e21390c 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -41,7 +41,7 @@ jobs: - name: Cache SonarCloud scanner id: cache-sonar-scanner - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: .\.sonar\scanner key: ${{ runner.os }}-sonar-scanner @@ -60,8 +60,8 @@ jobs: - name: Restore tools for tests run: dotnet tool restore - # - name: Restore dependencies - # run: dotnet restore TramsDataApi.sln + - name: Restore dependencies + run: dotnet restore Dfe.Identifiers.sln - name: Build, Test and Analyze env: From 8d755805715bed222a53d27de1e3492a3b93eb64 Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Mon, 8 Apr 2024 15:18:55 +0100 Subject: [PATCH 5/7] Move out dotnet test command temporarily --- .github/workflows/continuous-integration-dotnet.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index e21390c..8983992 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -71,6 +71,8 @@ jobs: run: | dotnet-sonarscanner begin /k:"DFE-Digital_identifiers-api" /o:"dfe-digital" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.coverageReportPaths=CoverageReport/SonarQube.xml dotnet build --no-restore - dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" - reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" + dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" + +# Todo add this back to previous step once tests in place +# reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube \ No newline at end of file From fdef212ee74c47601d420e6e73d5300d05cd4763 Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Mon, 8 Apr 2024 15:20:48 +0100 Subject: [PATCH 6/7] Move out dotnet test command temporarily --- .github/workflows/continuous-integration-dotnet.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index 75aa393..1c48369 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -71,14 +71,8 @@ jobs: run: | dotnet-sonarscanner begin /k:"DFE-Digital_identifiers-api" /o:"dfe-digital" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.coverageReportPaths=CoverageReport/SonarQube.xml dotnet build --no-restore -<<<<<<< HEAD dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" # Todo add this back to previous step once tests in place # reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube -======= - dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" - reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube - dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" ->>>>>>> 322be4b39eb8a99247ce69050f07091f2867ef62 From fbe3d8c5003adfb2c8d700186258d9ceddf132bd Mon Sep 17 00:00:00 2001 From: Chris Sherlock Date: Mon, 8 Apr 2024 15:24:08 +0100 Subject: [PATCH 7/7] Remove coverage report path temp whilst not created --- .github/workflows/continuous-integration-dotnet.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index 1c48369..ff5d420 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -69,10 +69,11 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} ConnectionStrings__DefaultConnection: ${{ env.CONNECTION_STRING }} run: | - dotnet-sonarscanner begin /k:"DFE-Digital_identifiers-api" /o:"dfe-digital" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.coverageReportPaths=CoverageReport/SonarQube.xml + dotnet-sonarscanner begin /k:"DFE-Digital_identifiers-api" /o:"dfe-digital" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" dotnet build --no-restore dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" # Todo add this back to previous step once tests in place +# /d:sonar.coverageReportPaths=CoverageReport/SonarQube.xml # reportgenerator -reports:./**/coverage.cobertura.xml -targetdir:./CoverageReport -reporttypes:SonarQube